Closed Lamby777 closed 3 weeks ago
No longer relevant. Control panel is gone for now, and all important requests are done over POST and cookies are marked HttpOnly. Not sure if there are any other ways to harden against CSRF for now, but maybe will revisit this when adding an admin panel again after Rooms is complete.
Haven't even made a UI control panel yet, so this doesn't really apply right now, but later on, there should be anti-CSRF measures to prevent any old Joe from sending an admin a sussy link to one of the `/cpl` routes.